Facebook, as a Developer, I’m Scared!

I’ve attempted to stay out of this until now because as Nick O’Neill implies, it’s pretty childish the way both the supporters and critics are handling this. I’m especially disappointed with the way Facebook is handling the Google Friend Connect issue. For those out of the loop, Facebook cancelled Google’s Friend Connect App on Facebook because, “it redistributes user information from Facebook to other developers without users’ knowledge, which doesn’t respect the privacy standards our users have come to expect and is a violation of our Terms of Service”. Facebook gave no examples of what sections of the Terms of Service Google was violating, nor did they explain why Google was wrong. This vaguely-presented move prevents Google from having a universal login and profile that includes Facebook.

Google responded today saying, “We read the Facebook numeric id, friendly name, and public photo URLs of the user and their friends. We read no other information.” Google then proceeded to show detailed examples of the data they are retrieving from Facebook, how it is presented back to them, and the fact that they only share the URL of the user’s public photo with third party applications. They also stated that they only store data for 30 minutes at a time, after which they purge any of the above data cached on their servers.

I was impressed with Google’s response, and due to the openness and (apparent) honesty of it, I’m edging towards Google’s side on this, and quite scared as a Facebook developer on what Facebook could do with my own Apps. Assuming Google is right and not leaving anything out, Facebook could potentially remove any developer’s App from Facebook, no questions asked (although they did say they contacted Google multiple times about “something”), even though, per the developer’s understanding of the Terms of Service, the developer’s App follows the rules.

Based on what Google has said, I can’t see anything they did wrong in the development of their App that violates the Terms of Service. I really wish Facebook would explain further so we as developers could ensure our Apps aren’t doing the same. It also brings up many important questions as to what Facebook means when it comes to certain parts of the Terms of Service. I’m actually quite confused now as to what I can and can’t do on Facebook.

“You may retain copies of Exportable Facebook Properties for such period of time (if any) as the Applicable Facebook User for such Exportable Facebook Properties may approve, if (and only if) such Applicable Facebook User expressly approves your doing so pursuant to an affirmative “opt-in” after receiving a prominent disclosure of (a) the uses you intend to make of such Exportable Facebook Properties, (b) the duration for which you will retain copies of such Exportable Facebook Properties and (c) any terms and conditions governing your use of such Exportable Facebook Properties (a “Full Disclosure Opt-In”);”

Yet, in the section before that, it says I can only store indefinitely the uid, nid, eid, gid, pid, aid, notes_count, and profile_update_time. Does this mean I can or can’t get a user’s permission to store data on my servers? What about permanent session keys? I don’t see them in that list, yet the documentation seems to imply you need one to auto-authenticate a user. Am I breaking the developer ToS by storing a permanent session key?

Google is passing the public photo URL to third parties. Technically, because this is public information, it doesn’t even take a developer key to retrieve that URL. I could simply pull up the user’s profile page via their profile ID, and scrape the photo from the public profile. Is this really what’s causing Google to have their App removed? If so, I’m really scared as a Facebook App developer.

As you can see, the Facebook developer Terms of Service are simply too vague and too confusing for any developer to feel secure about keeping their App on the network. With actions like the one Facebook took against Google, I now have to question if my Apps too could be a target for Facebook to remove. If Google, who has hundreds of Lawyers on hand to look over such terms can’t figure out what they can and can’t do on the service, how can I, as a developer know what I can and can’t do on the service? Right now it’s a complete guessing game, with just the hope that Facebook will be decent enough to give you a warning before canceling your App. Is this really how we as developers should be developing our Apps?

I really hope Facebook can clarify this matter. I think after this move by Facebook, Facebook needs to clarify their Terms of Service for Developers and first, explain according to what violation in the Terms of Service Google’s App was removed, and second, break down in plain English what we as developers can and can’t do.

Facebook, Google laid out all their cards, at least as far as we can tell (and even if not they certainly laid out way more than Facebook did). How about not leaving us developers hanging and clarify all this once and for all? As a developer, I’m absolutely confused and scared at the moment of the very Walled Garden I make a living off of.

One thought on “Facebook, as a Developer, I’m Scared!”

[…] seem to be doing. About a month or two ago, Facebook removed the Google FriendConnect App (which I mentioned earlier), and still has yet to provide a very good explanation other than “they are violating […]